INVITED SPEAKER

TITLE

ABSTRACT

Graphical models have emerged as a widely adopted approach to conducting security analysis for computer and network systems. The power of graphical models lies in two aspects: the graph structure can be used to capture correlations among security events, and the quantitative reasoning over the graph structure can render useful triaging decisions when dealing with the inherent uncertainty in security events. In this talk I will reflect on how we have tackled the challenges in effective leveraging these powers afforded by graphical model in security analysis. I will argue that the most difficult task for research in this area is to understand the real world constraints under which security analysts must operate with. Those constraints dictate what parameters are realistically obtainable to use in the designed graphical models, and what type of reasoning results can be useful to analysts. I will present how we use this bottom-up approach to design customized graphical models for enterprise network intrusion analysis. In this work, we had to design specific graph generation algorithms based on the concrete security problems at hands, and customized reasoning algorithms to use the graphical model to yield useful tools for analysts. Last, I will talk about the lessons we learned over the past ten years of research in this area, and my thinking on how we can take it further to fully unleash the power of this mathematical reasoning capability and build useful security analytical tools for the real world.

SPEAKER'S BIOGRAPHY

Dr. Xinming (Simon) Ou is currently associate professor of Computer Science and Engineering at University of South Florida. He received his PhD from Princeton University in 2005. Before joining USF in fall 2015, he had been a faculty member at Kansas State University since 2006. Dr. Ou's research is primarily in cyber defense technologies, with focuses on intrusion/forensics analysis, cloud security and moving-target defense, mobile system security, and cyber physical system security. His MulVAL attack graph tool has been used by Idaho National Laboratory, Defence Research and Development Canada - Ottawa, NATO, NIST, Thales Groups, General Dynamics, Johns Hopkins University Applied Physics Lab, and by researchers from numerous academic institutions. Dr. Ou's research has been funded by U.S. National Science Foundation, Department of Defense, Department of Homeland Security, Department of Energy, National Institute of Standards and Technology (NIST), HP Labs, and Rockwell Collins. He is a recipient of 2010 NSF Faculty Early Career Development (CAREER) Award, a three-time winner of HP Labs Innovation Research Program (IRP) award, and 2013 Kansas State University Frankenhoff Outstanding Research Award.